From 0c6fe94cf4dccb98c5941a9694d66fe01a7f216e Mon Sep 17 00:00:00 2001
From: Maisem Ali <maisem@tailscale.com>
Date: Mon, 28 Aug 2023 12:56:44 -0700
Subject: [PATCH] cmd/k8s-operator: add matching family addresses to status

This was added in 3451b89e5f01fd6c4845bcbf06f1bece9f39cdfc, but
resulted in the v6 Tailscale address being added to status when
when the forwarding only happened on the v4 address.

Updates #502

Signed-off-by: Maisem Ali <maisem@tailscale.com>
---
 cmd/k8s-operator/operator_test.go |  9 ---------
 cmd/k8s-operator/svc.go           | 14 +++++++++++++-
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/cmd/k8s-operator/operator_test.go b/cmd/k8s-operator/operator_test.go
index cdbe668b2..00cea9e92 100644
--- a/cmd/k8s-operator/operator_test.go
+++ b/cmd/k8s-operator/operator_test.go
@@ -108,9 +108,6 @@ func TestLoadBalancerClass(t *testing.T) {
 					{
 						IP: "100.99.98.97",
 					},
-					{
-						IP: "2c0a:8083:94d4:2012:3165:34a5:3616:5fdf",
-					},
 				},
 			},
 		},
@@ -375,9 +372,6 @@ func TestAnnotationIntoLB(t *testing.T) {
 					{
 						IP: "100.99.98.97",
 					},
-					{
-						IP: "2c0a:8083:94d4:2012:3165:34a5:3616:5fdf",
-					},
 				},
 			},
 		},
@@ -467,9 +461,6 @@ func TestLBIntoAnnotation(t *testing.T) {
 					{
 						IP: "100.99.98.97",
 					},
-					{
-						IP: "2c0a:8083:94d4:2012:3165:34a5:3616:5fdf",
-					},
 				},
 			},
 		},
diff --git a/cmd/k8s-operator/svc.go b/cmd/k8s-operator/svc.go
index 954b825a8..a14a61c61 100644
--- a/cmd/k8s-operator/svc.go
+++ b/cmd/k8s-operator/svc.go
@@ -8,6 +8,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"net/netip"
 	"strings"
 
 	"go.uber.org/zap"
@@ -121,6 +122,11 @@ func (a *ServiceReconciler) maybeProvision(ctx context.Context, logger *zap.Suga
 		tags = strings.Split(tstr, ",")
 	}
 
+	clusterIPAddr, err := netip.ParseAddr(svc.Spec.ClusterIP)
+	if err != nil {
+		return fmt.Errorf("failed to parse cluster IP: %w", err)
+	}
+
 	sts := &tailscaleSTSConfig{
 		ParentResourceName:  svc.Name,
 		ParentResourceUID:   string(svc.UID),
@@ -158,7 +164,13 @@ func (a *ServiceReconciler) maybeProvision(ctx context.Context, logger *zap.Suga
 		{Hostname: tsHost},
 	}
 	for _, ip := range tsIPs {
-		ingress = append(ingress, corev1.LoadBalancerIngress{IP: ip})
+		addr, err := netip.ParseAddr(ip)
+		if err != nil {
+			continue
+		}
+		if addr.Is4() == clusterIPAddr.Is4() { // only add addresses of the same family
+			ingress = append(ingress, corev1.LoadBalancerIngress{IP: ip})
+		}
 	}
 	svc.Status.LoadBalancer.Ingress = ingress
 	if err := a.Status().Update(ctx, svc); err != nil {